Microsoft Systems Compromised by Russian State-Sponsored Hackers


Microsoft revealed today that its systems were recently targeted and partially compromised by the Russian state-sponsored hacker group known as Midnight Blizzard, also called Nobelium.

In a blog post, Microsoft said the attack began in late November 2023 when the hackers conducted a password spray attack to gain access to a legacy non-production Microsoft tenant account. They then exploited the account's permissions to access some Microsoft employee email accounts, including those of members of senior leadership and of employees on teams like cybersecurity and legal. The hackers were able to exfiltrate some emails and documents.

Microsoft believes the initial goal was to target information related to Midnight Blizzard itself. The company said there is no evidence that the hackers accessed customer data, production systems, source code, or AI systems. Microsoft stated it will notify any customers if action is required on their part.

The company's statement reads: "The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required."

The attack highlights the ongoing threat posed by well-resourced, state-sponsored actors like Midnight Blizzard, which is affiliated with the Russian government. Microsoft said it is continuing the investigation and will take additional actions based on the findings. It plans to share more details with the security community about the attack to help others defend against similar threats.

In response, Microsoft announced it will accelerate efforts to apply stringent security standards to legacy systems and internal processes, even if doing so causes some disruption. The company acknowledged that this philosophy of prioritizing security over business risk is a shift from past practices.

Microsoft stated it is "deeply committed to sharing more information and learnings" from the attack so others can benefit. The company will also continue cooperating with law enforcement and regulators regarding the incident.

The attack serves as a sobering reminder that even the most sophisticated enterprises remain vulnerable to nation-state threat actors. Microsoft's transparent response and commitment to sharing details provide a model for how organizations can handle and learn from security incidents. By collaborating across the industry, we can collectively improve defenses against sophisticated, persistent hackers like Midnight Blizzard.
